restyle add-wallet tabs: 'From' prefix, underline tab style

- Tab labels: 'From Phrase', 'From Key', 'From xprv'
- Visual: bottom-border underline on active tab (not filled buttons)
- Inactive tabs: muted text with hover highlight
- Container: bottom border connects tabs to content area

.gitignore

@@ -25,3 +25,4 @@ dist/
 
 # Yarn
 .yarn-integrity
+package-lock.json

src/popup/index.html

@@ -56,9 +56,37 @@
                     < Back
                 </button>
                 <h2 class="font-bold mb-2">Add Wallet</h2>
+
+                <!-- Mode selector tabs -->
+                <div
+                    class="flex border-b border-border mb-3"
+                    id="add-wallet-tabs"
+                >
+                    <button
+                        id="tab-mnemonic"
+                        class="px-2 py-1 cursor-pointer text-xs border-b-2 border-fg font-bold"
+                    >
+                        From Phrase
+                    </button>
+                    <button
+                        id="tab-privkey"
+                        class="px-2 py-1 cursor-pointer text-xs border-b-2 border-transparent text-muted hover:text-fg"
+                    >
+                        From Key
+                    </button>
+                    <button
+                        id="tab-xprv"
+                        class="px-2 py-1 cursor-pointer text-xs border-b-2 border-transparent text-muted hover:text-fg"
+                    >
+                        From xprv
+                    </button>
+                </div>
+
+                <!-- Mnemonic form section -->
+                <div id="add-wallet-section-mnemonic">
                     <p class="mb-2">
-                    Enter your 12 or 24 word recovery phrase below, or click the
-                    button to roll the die for a new one.
+                        Enter your 12 or 24 word recovery phrase below, or click
+                        the button to roll the die for a new one.
                     </p>
                     <div class="mb-1 flex justify-end">
                         <button
@@ -81,12 +109,51 @@
                         id="add-wallet-phrase-warning"
                         class="text-xs mb-2 border border-border border-dashed p-2 hidden"
                     >
-                    Write these words down and keep them safe. Anyone with them
-                    can take your funds; if you lose them, your wallet is gone.
+                        Write these words down and keep them safe. Anyone with
+                        them can take your funds; if you lose them, your wallet
+                        is gone.
                     </div>
+                </div>
+
+                <!-- Private key form section -->
+                <div id="add-wallet-section-privkey" class="hidden">
+                    <p class="mb-2">
+                        Paste your private key below. This wallet will have a
+                        single address.
+                    </p>
+                    <div class="mb-2">
+                        <input
+                            type="password"
+                            id="import-private-key"
+                            class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
+                            placeholder="0x..."
+                        />
+                    </div>
+                </div>
+
+                <!-- Extended key (xprv) form section -->
+                <div id="add-wallet-section-xprv" class="hidden">
+                    <p class="mb-2">
+                        Paste your extended private key (xprv) below. This will
+                        import the HD wallet and scan for used addresses.
+                    </p>
+                    <div class="mb-2">
+                        <input
+                            type="password"
+                            id="import-xprv-key"
+                            class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
+                            placeholder="xprv..."
+                        />
+                    </div>
+                </div>
+
+                <!-- Shared password fields -->
                 <div class="mb-2" id="add-wallet-password-section">
                     <label class="block mb-1">Choose a password</label>
-                    <p class="text-xs text-muted mb-1">
+                    <p
+                        class="text-xs text-muted mb-1"
+                        id="add-wallet-password-hint"
+                    >
                         This password encrypts your recovery phrase on this
                         device. You will need it to send funds.
                     </p>
@@ -107,64 +174,6 @@
                 <button
                     id="btn-add-wallet-confirm"
                     class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
-                >
-                    Add
-                </button>
-                <div class="mt-3 text-xs text-muted">
-                    Have a private key instead?
-                    <button
-                        id="btn-add-wallet-import-key"
-                        class="underline cursor-pointer bg-transparent border-none text-fg text-xs font-mono p-0"
-                    >
-                        Import private key
-                    </button>
-                </div>
-            </div>
-
-            <!-- ============ IMPORT PRIVATE KEY ============ -->
-            <div id="view-import-key" class="view hidden">
-                <button
-                    id="btn-import-key-back"
-                    class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer mb-2"
-                >
-                    &lt; Back
-                </button>
-                <h2 class="font-bold mb-2">Import Private Key</h2>
-                <p class="mb-2">
-                    Paste your private key below. This wallet will have a single
-                    address.
-                </p>
-                <div class="mb-2">
-                    <input
-                        type="password"
-                        id="import-private-key"
-                        class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
-                        placeholder="0x..."
-                    />
-                </div>
-                <div class="mb-2" id="import-key-password-section">
-                    <label class="block mb-1">Choose a password</label>
-                    <p class="text-xs text-muted mb-1">
-                        This password encrypts your private key on this device.
-                        You will need it to send funds.
-                    </p>
-                    <input
-                        type="password"
-                        id="import-key-password"
-                        class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
-                    />
-                </div>
-                <div class="mb-2" id="import-key-password-confirm-section">
-                    <label class="block mb-1">Confirm password</label>
-                    <input
-                        type="password"
-                        id="import-key-password-confirm"
-                        class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
-                    />
-                </div>
-                <button
-                    id="btn-import-key-confirm"
-                    class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
                 >
                     Import
                 </button>
@@ -305,6 +314,26 @@
                     >
                         + Token
                     </button>
+                    <div class="relative">
+                        <button
+                            id="btn-more-menu"
+                            class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
+                            aria-label="More actions"
+                        >
+                            &middot;&middot;&middot;
+                        </button>
+                        <div
+                            id="more-menu-dropdown"
+                            class="hidden absolute right-0 top-full mt-1 border border-border bg-bg z-50 whitespace-nowrap py-1"
+                        >
+                            <button
+                                id="btn-export-privkey"
+                                class="block w-full text-left px-4 py-1.5 text-xs font-light text-muted hover:bg-hover hover:text-fg cursor-pointer"
+                            >
+                                Export Private Key
+                            </button>
+                        </div>
+                    </div>
                 </div>
 
                 <!-- transactions -->
@@ -318,6 +347,60 @@
                 </div>
             </div>
 
+            <!-- ============ EXPORT PRIVATE KEY VIEW ============ -->
+            <div id="view-export-privkey" class="view hidden">
+                <button
+                    id="btn-export-privkey-back"
+                    class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer mb-2"
+                >
+                    &lt; Back
+                </button>
+                <div
+                    id="export-privkey-jazzicon"
+                    class="flex justify-center mt-1 mb-3"
+                ></div>
+                <h2 class="font-bold mb-1">Export Private Key</h2>
+                <p class="text-xs mb-1" id="export-privkey-title"></p>
+                <p class="text-xs mb-3">
+                    <span id="export-privkey-dot"></span>
+                    <span
+                        id="export-privkey-address"
+                        class="cursor-pointer"
+                        title="Click to copy"
+                    ></span>
+                </p>
+                <p class="text-xs mb-3 text-muted">
+                    Warning: anyone with this private key can access and
+                    transfer all funds from this address. Never share it.
+                </p>
+                <div
+                    id="export-privkey-flash"
+                    class="text-xs mb-2 hidden"
+                ></div>
+                <div id="export-privkey-password-section" class="mb-2">
+                    <label class="block mb-1">Password</label>
+                    <input
+                        type="password"
+                        id="export-privkey-password"
+                        class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
+                        placeholder="Enter your password to continue"
+                    />
+                    <button
+                        id="btn-export-privkey-confirm"
+                        class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer mt-2"
+                    >
+                        Reveal
+                    </button>
+                </div>
+                <div id="export-privkey-result" class="hidden">
+                    <div
+                        id="export-privkey-value"
+                        class="bg-danger-well rounded p-2 font-mono text-xs break-all cursor-pointer mb-1"
+                        title="Click to copy"
+                    ></div>
+                </div>
+            </div>
+
             <!-- ============ ADDRESS-TOKEN DETAIL VIEW ============ -->
             <div id="view-address-token" class="view hidden">
                 <button
@@ -422,6 +505,11 @@
                         class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
                         placeholder="Address (0x...) or ENS name"
                     />
+                    <div
+                        id="send-to-error"
+                        class="text-xs"
+                        style="min-height: 1.25rem; color: #cc0000"
+                    ></div>
                 </div>
                 <div class="mb-2">
                     <div class="flex justify-between mb-1">
@@ -531,6 +619,7 @@
             <!-- ============ TX SUCCESS ============ -->
             <div id="view-success-tx" class="view hidden">
                 <h2 class="font-bold mb-2">Transaction Confirmed</h2>
+                <div id="success-tx-decoded" class="mb-3 hidden text-xs"></div>
                 <div class="mb-3">
                     <div class="text-xs text-muted mb-1">Amount</div>
                     <div id="success-tx-summary" class="font-bold"></div>
@@ -636,9 +725,10 @@
                 <div class="flex justify-center mb-3">
                     <canvas id="receive-qr"></canvas>
                 </div>
-                <div class="border border-border p-2 break-all mb-3 text-xs">
-                    <span id="receive-dot"></span>
-                    <span id="receive-address" class="select-all"></span>
+                <div
+                    class="border border-border p-2 break-all mb-3 text-xs cursor-pointer"
+                >
+                    <span id="receive-address-block" class="select-all"></span>
                     <span id="receive-etherscan-link"></span>
                 </div>
                 <button
@@ -999,7 +1089,12 @@
                             class="text-xs"
                         ></div>
                     </div>
-                    <div id="tx-detail-rawdata-section" class="hidden">
+                </div>
+                <div class="mb-4">
+                    <div class="text-xs text-muted mb-1">Transaction hash</div>
+                    <div id="tx-detail-hash" class="text-xs break-all"></div>
+                </div>
+                <div id="tx-detail-rawdata-section" class="mb-4 hidden">
                     <div class="text-xs text-muted mb-1">Raw data</div>
                     <div
                         id="tx-detail-rawdata"
@@ -1007,11 +1102,6 @@
                     ></div>
                 </div>
             </div>
-                <div class="mb-4">
-                    <div class="text-xs text-muted mb-1">Transaction hash</div>
-                    <div id="tx-detail-hash" class="text-xs break-all"></div>
-                </div>
-            </div>
 
             <!-- ============ TRANSACTION APPROVAL ============ -->
             <div id="view-approve-tx" class="view hidden">

src/popup/index.js

@@ -10,7 +10,6 @@ const { $, showView } = require("./views/helpers");
 const home = require("./views/home");
 const welcome = require("./views/welcome");
 const addWallet = require("./views/addWallet");
-const importKey = require("./views/importKey");
 const addressDetail = require("./views/addressDetail");
 const addressToken = require("./views/addressToken");
 const send = require("./views/send");
@@ -54,7 +53,6 @@ const ctx = {
     renderWalletList,
     doRefreshAndRender,
     showAddWalletView: () => addWallet.show(),
-    showImportKeyView: () => importKey.show(),
     showAddressDetail: () => addressDetail.show(),
     showAddressToken: () => addressToken.show(),
     showAddTokenView: () => addToken.show(),
@@ -209,7 +207,6 @@ async function init() {
 
     welcome.init(ctx);
     addWallet.init(ctx);
-    importKey.init(ctx);
     home.init(ctx);
     addressDetail.init(ctx);
     addressToken.init(ctx);

src/popup/styles/main.css

@@ -11,6 +11,7 @@
     --color-border-light: #cccccc;
     --color-hover: #eeeeee;
     --color-well: #f5f5f5;
+    --color-danger-well: #fef2f2;
     --color-section: #dddddd;
 }
 

src/popup/views/addWallet.js

@@ -3,31 +3,72 @@ const {
     generateMnemonic,
     hdWalletFromMnemonic,
     isValidMnemonic,
+    addressFromPrivateKey,
+    hdWalletFromXprv,
+    isValidXprv,
 } = require("../../shared/wallet");
 const { encryptWithPassword } = require("../../shared/vault");
 const { state, saveState } = require("../../shared/state");
 const { scanForAddresses } = require("../../shared/balances");
 
+let currentMode = "mnemonic";
+
+const MODES = ["mnemonic", "privkey", "xprv"];
+
+const PASSWORD_HINTS = {
+    mnemonic:
+        "This password encrypts your recovery phrase on this device. You will need it to send funds.",
+    privkey:
+        "This password encrypts your private key on this device. You will need it to send funds.",
+    xprv: "This password encrypts your key on this device. You will need it to send funds.",
+};
+
+function switchMode(mode) {
+    currentMode = mode;
+    for (const m of MODES) {
+        $("add-wallet-section-" + m).classList.toggle("hidden", m !== mode);
+        const tab = $("tab-" + m);
+        tab.classList.toggle("border-fg", m === mode);
+        tab.classList.toggle("font-bold", m === mode);
+        tab.classList.toggle("border-transparent", m !== mode);
+        tab.classList.toggle("text-muted", m !== mode);
+    }
+    $("add-wallet-password-hint").textContent = PASSWORD_HINTS[mode];
+}
+
 function show() {
     $("wallet-mnemonic").value = "";
+    $("import-private-key").value = "";
+    $("import-xprv-key").value = "";
     $("add-wallet-password").value = "";
     $("add-wallet-password-confirm").value = "";
     $("add-wallet-phrase-warning").classList.add("hidden");
+    switchMode("mnemonic");
     showView("add-wallet");
 }
 
-function init(ctx) {
-    $("btn-generate-phrase").addEventListener("click", () => {
-        $("wallet-mnemonic").value = generateMnemonic();
-        $("add-wallet-phrase-warning").classList.remove("hidden");
-    });
+function validatePassword() {
+    const pw = $("add-wallet-password").value;
+    const pw2 = $("add-wallet-password-confirm").value;
+    if (!pw) {
+        showFlash("Please choose a password.");
+        return null;
+    }
+    if (pw.length < 12) {
+        showFlash("Password must be at least 12 characters.");
+        return null;
+    }
+    if (pw !== pw2) {
+        showFlash("Passwords do not match.");
+        return null;
+    }
+    return pw;
+}
 
-    $("btn-add-wallet-confirm").addEventListener("click", async () => {
+async function importMnemonic(ctx) {
     const mnemonic = $("wallet-mnemonic").value.trim();
     if (!mnemonic) {
-            showFlash(
-                "Enter a recovery phrase or press the die to generate one.",
-            );
+        showFlash("Enter a recovery phrase or press the die to generate one.");
         return;
     }
     const words = mnemonic.split(/\s+/);
@@ -43,33 +84,18 @@ function init(ctx) {
         showFlash("Invalid recovery phrase. Check for typos.");
         return;
     }
-        const pw = $("add-wallet-password").value;
-        const pw2 = $("add-wallet-password-confirm").value;
-        if (!pw) {
-            showFlash("Please choose a password.");
-            return;
-        }
-        if (pw.length < 12) {
-            showFlash("Password must be at least 12 characters.");
-            return;
-        }
-        if (pw !== pw2) {
-            showFlash("Passwords do not match.");
-            return;
-        }
+    const pw = validatePassword();
+    if (!pw) return;
     const { xpub, firstAddress } = hdWalletFromMnemonic(mnemonic);
     const duplicate = state.wallets.find(
         (w) =>
             w.type === "hd" &&
             w.addresses[0] &&
-                w.addresses[0].address.toLowerCase() ===
-                    firstAddress.toLowerCase(),
+            w.addresses[0].address.toLowerCase() === firstAddress.toLowerCase(),
     );
     if (duplicate) {
         showFlash(
-                "This recovery phrase is already added (" +
-                    duplicate.name +
-                    ").",
+            "This recovery phrase is already added (" + duplicate.name + ").",
         );
         return;
     }
@@ -109,8 +135,143 @@ function init(ctx) {
     }
 
     ctx.doRefreshAndRender();
+}
+
+async function importPrivateKey(ctx) {
+    const key = $("import-private-key").value.trim();
+    if (!key) {
+        showFlash("Please enter your private key.");
+        return;
+    }
+    let addr;
+    try {
+        addr = addressFromPrivateKey(key);
+    } catch (e) {
+        showFlash("Invalid private key.");
+        return;
+    }
+    const pw = validatePassword();
+    if (!pw) return;
+    const duplicate = state.wallets.find(
+        (w) =>
+            w.type === "key" &&
+            w.addresses[0] &&
+            w.addresses[0].address.toLowerCase() === addr.toLowerCase(),
+    );
+    if (duplicate) {
+        showFlash(
+            "This private key is already added (" + duplicate.name + ").",
+        );
+        return;
+    }
+    const encrypted = await encryptWithPassword(key, pw);
+    const walletNum = state.wallets.length + 1;
+    state.wallets.push({
+        type: "key",
+        name: "Wallet " + walletNum,
+        encryptedSecret: encrypted,
+        addresses: [{ address: addr, balance: "0.0000", tokenBalances: [] }],
+    });
+    state.hasWallet = true;
+    await saveState();
+    ctx.renderWalletList();
+    showView("main");
+
+    ctx.doRefreshAndRender();
+}
+
+async function importXprvKey(ctx) {
+    const xprv = $("import-xprv-key").value.trim();
+    if (!xprv) {
+        showFlash("Please enter your extended private key.");
+        return;
+    }
+    if (!isValidXprv(xprv)) {
+        showFlash("Invalid extended private key.");
+        return;
+    }
+    let result;
+    try {
+        result = hdWalletFromXprv(xprv);
+    } catch (e) {
+        showFlash("Invalid extended private key.");
+        return;
+    }
+    const { xpub, firstAddress } = result;
+    const duplicate = state.wallets.find(
+        (w) =>
+            (w.type === "hd" || w.type === "xprv") &&
+            w.addresses[0] &&
+            w.addresses[0].address.toLowerCase() === firstAddress.toLowerCase(),
+    );
+    if (duplicate) {
+        showFlash("This key is already added (" + duplicate.name + ").");
+        return;
+    }
+    const pw = validatePassword();
+    if (!pw) return;
+    const encrypted = await encryptWithPassword(xprv, pw);
+    const walletNum = state.wallets.length + 1;
+    const wallet = {
+        type: "xprv",
+        name: "Wallet " + walletNum,
+        xpub: xpub,
+        encryptedSecret: encrypted,
+        nextIndex: 1,
+        addresses: [
+            { address: firstAddress, balance: "0.0000", tokenBalances: [] },
+        ],
+    };
+    state.wallets.push(wallet);
+    state.hasWallet = true;
+    await saveState();
+    ctx.renderWalletList();
+    showView("main");
+
+    // Scan for used HD addresses beyond index 0.
+    showFlash("Scanning for addresses...", 30000);
+    const scan = await scanForAddresses(xpub, state.rpcUrl);
+    if (scan.addresses.length > 1) {
+        wallet.addresses = scan.addresses.map((a) => ({
+            address: a.address,
+            balance: "0.0000",
+            tokenBalances: [],
+        }));
+        wallet.nextIndex = scan.nextIndex;
+        await saveState();
+        ctx.renderWalletList();
+        showFlash("Found " + scan.addresses.length + " addresses.");
+    } else {
+        showFlash("Ready.", 1000);
+    }
+
+    ctx.doRefreshAndRender();
+}
+
+function init(ctx) {
+    // Tab click handlers
+    $("tab-mnemonic").addEventListener("click", () => switchMode("mnemonic"));
+    $("tab-privkey").addEventListener("click", () => switchMode("privkey"));
+    $("tab-xprv").addEventListener("click", () => switchMode("xprv"));
+
+    // Generate mnemonic
+    $("btn-generate-phrase").addEventListener("click", () => {
+        $("wallet-mnemonic").value = generateMnemonic();
+        $("add-wallet-phrase-warning").classList.remove("hidden");
     });
 
+    // Import / confirm
+    $("btn-add-wallet-confirm").addEventListener("click", async () => {
+        if (currentMode === "mnemonic") {
+            await importMnemonic(ctx);
+        } else if (currentMode === "privkey") {
+            await importPrivateKey(ctx);
+        } else if (currentMode === "xprv") {
+            await importXprvKey(ctx);
+        }
+    });
+
+    // Back button
     $("btn-add-wallet-back").addEventListener("click", () => {
         if (!state.hasWallet) {
             showView("welcome");
@@ -119,11 +280,6 @@ function init(ctx) {
             showView("main");
         }
     });
-
-    $("btn-add-wallet-import-key").addEventListener(
-        "click",
-        ctx.showImportKeyView,
-    );
 }
 
 module.exports = { init, show };

src/popup/views/addressDetail.js

@@ -15,9 +15,15 @@ const {
     filterTransactions,
 } = require("../../shared/transactions");
 const { resolveEnsNames } = require("../../shared/ens");
-const { updateSendBalance, renderSendTokenSelect } = require("./send");
+const {
+    updateSendBalance,
+    renderSendTokenSelect,
+    resetSendValidation,
+} = require("./send");
 const { log } = require("../../shared/log");
 const makeBlockie = require("ethereum-blockies-base64");
+const { decryptWithPassword } = require("../../shared/vault");
+const { getSignerForAddress } = require("../../shared/wallet");
 
 let ctx;
 
@@ -186,10 +192,12 @@ function renderTransactions(txs) {
     let html = "";
     let i = 0;
     for (const tx of txs) {
+        // For swap transactions, show the user's own labelled wallet
+        // address instead of the contract address (see issue #55).
         const counterparty =
-            tx.direction === "contract"
+            tx.direction === "contract" && tx.directionLabel === "Swap"
                 ? tx.from
-                : tx.direction === "sent"
+                : tx.direction === "sent" || tx.direction === "contract"
                   ? tx.to
                   : tx.from;
         const ensName = ensNameMap.get(counterparty) || null;
@@ -255,6 +263,7 @@ function init(_ctx) {
         $("send-token").classList.remove("hidden");
         $("send-token-static").classList.add("hidden");
         updateSendBalance();
+        resetSendValidation();
         showView("send");
     });
 
@@ -263,6 +272,102 @@ function init(_ctx) {
     });
 
     $("btn-add-token").addEventListener("click", ctx.showAddTokenView);
+
+    // More menu dropdown
+    const moreBtn = $("btn-more-menu");
+    const moreDropdown = $("more-menu-dropdown");
+    moreBtn.addEventListener("click", (e) => {
+        e.stopPropagation();
+        const isOpen = !moreDropdown.classList.toggle("hidden");
+        moreBtn.classList.toggle("bg-fg", isOpen);
+        moreBtn.classList.toggle("text-bg", isOpen);
+    });
+    document.addEventListener("click", () => {
+        moreDropdown.classList.add("hidden");
+        moreBtn.classList.remove("bg-fg", "text-bg");
+    });
+    moreDropdown.addEventListener("click", (e) => {
+        e.stopPropagation();
+    });
+
+    $("btn-export-privkey").addEventListener("click", () => {
+        moreDropdown.classList.add("hidden");
+        moreBtn.classList.remove("bg-fg", "text-bg");
+        const wallet = state.wallets[state.selectedWallet];
+        const addr = wallet.addresses[state.selectedAddress];
+        const blockieEl = $("export-privkey-jazzicon");
+        blockieEl.innerHTML = "";
+        const bImg = document.createElement("img");
+        bImg.src = makeBlockie(addr.address);
+        bImg.width = 48;
+        bImg.height = 48;
+        bImg.style.imageRendering = "pixelated";
+        bImg.style.borderRadius = "50%";
+        blockieEl.appendChild(bImg);
+        $("export-privkey-title").textContent =
+            wallet.name + " \u2014 Address " + (state.selectedAddress + 1);
+        $("export-privkey-dot").innerHTML = addressDotHtml(addr.address);
+        $("export-privkey-address").textContent = addr.address;
+        $("export-privkey-address").dataset.full = addr.address;
+        $("export-privkey-password").value = "";
+        $("export-privkey-flash").classList.add("hidden");
+        $("export-privkey-flash").textContent = "";
+        $("export-privkey-password-section").classList.remove("hidden");
+        $("export-privkey-result").classList.add("hidden");
+        $("export-privkey-value").textContent = "";
+        showView("export-privkey");
+    });
+
+    $("btn-export-privkey-confirm").addEventListener("click", async () => {
+        const password = $("export-privkey-password").value;
+        if (!password) {
+            $("export-privkey-flash").textContent = "Password is required.";
+            $("export-privkey-flash").classList.remove("hidden");
+            return;
+        }
+        const wallet = state.wallets[state.selectedWallet];
+        try {
+            const secret = await decryptWithPassword(
+                wallet.encryptedSecret,
+                password,
+            );
+            const signer = getSignerForAddress(
+                wallet,
+                state.selectedAddress,
+                secret,
+            );
+            const privateKey = signer.privateKey;
+            $("export-privkey-password-section").classList.add("hidden");
+            $("export-privkey-value").textContent = privateKey;
+            $("export-privkey-result").classList.remove("hidden");
+            $("export-privkey-flash").classList.add("hidden");
+        } catch {
+            $("export-privkey-flash").textContent = "Wrong password.";
+            $("export-privkey-flash").classList.remove("hidden");
+        }
+    });
+
+    $("export-privkey-value").addEventListener("click", () => {
+        const key = $("export-privkey-value").textContent;
+        if (key) {
+            navigator.clipboard.writeText(key);
+            showFlash("Copied!");
+        }
+    });
+
+    $("export-privkey-address").addEventListener("click", () => {
+        const full = $("export-privkey-address").dataset.full;
+        if (full) {
+            navigator.clipboard.writeText(full);
+            showFlash("Copied!");
+        }
+    });
+
+    $("btn-export-privkey-back").addEventListener("click", () => {
+        $("export-privkey-value").textContent = "";
+        $("export-privkey-password").value = "";
+        show();
+    });
 }
 
 module.exports = { init, show };

src/popup/views/addressToken.js

@@ -12,7 +12,7 @@ const {
     balanceLine,
 } = require("./helpers");
 const { state, currentAddress, saveState } = require("../../shared/state");
-const { TOKEN_BY_ADDRESS } = require("../../shared/tokenList");
+const { TOKEN_BY_ADDRESS, resolveSymbol } = require("../../shared/tokenList");
 const {
     formatUsd,
     getPrice,
@@ -23,7 +23,11 @@ const {
     filterTransactions,
 } = require("../../shared/transactions");
 const { resolveEnsNames } = require("../../shared/ens");
-const { updateSendBalance, renderSendTokenSelect } = require("./send");
+const {
+    updateSendBalance,
+    renderSendTokenSelect,
+    resetSendValidation,
+} = require("./send");
 const { log } = require("../../shared/log");
 const makeBlockie = require("ethereum-blockies-base64");
 
@@ -87,6 +91,7 @@ function show() {
 
     // Determine token symbol and balance
     let symbol, amount, price;
+    const knownToken = TOKEN_BY_ADDRESS.get(tokenId.toLowerCase());
     if (tokenId === "ETH") {
         symbol = "ETH";
         amount = parseFloat(addr.balance || "0");
@@ -95,7 +100,11 @@ function show() {
         const tb = (addr.tokenBalances || []).find(
             (t) => t.address.toLowerCase() === tokenId.toLowerCase(),
         );
-        symbol = tb ? tb.symbol : "?";
+        symbol = resolveSymbol(
+            tokenId,
+            addr.tokenBalances,
+            state.trackedTokens,
+        );
         amount = tb ? parseFloat(tb.balance || "0") : 0;
         price = getPrice(symbol);
     }
@@ -138,13 +147,32 @@ function show() {
         const tb = (addr.tokenBalances || []).find(
             (t) => t.address.toLowerCase() === tokenId.toLowerCase(),
         );
-        const tokenName = tb && tb.name ? escapeHtml(tb.name) : null;
-        const tokenSymbol = tb && tb.symbol ? escapeHtml(tb.symbol) : null;
-        const tokenDecimals = tb && tb.decimals != null ? tb.decimals : null;
+        const tracked = (state.trackedTokens || []).find(
+            (t) => t.address.toLowerCase() === tokenId.toLowerCase(),
+        );
+        const rawName =
+            (tb && tb.name) ||
+            (tracked && tracked.name) ||
+            (knownToken && knownToken.name) ||
+            null;
+        const rawSymbol =
+            (tb && tb.symbol) ||
+            (tracked && tracked.symbol) ||
+            (knownToken && knownToken.symbol) ||
+            null;
+        const tokenName = rawName ? escapeHtml(rawName) : null;
+        const tokenSymbol = rawSymbol ? escapeHtml(rawSymbol) : null;
+        const tokenDecimals =
+            tb && tb.decimals != null
+                ? tb.decimals
+                : tracked && tracked.decimals != null
+                  ? tracked.decimals
+                  : knownToken && knownToken.decimals != null
+                    ? knownToken.decimals
+                    : null;
         const tokenHolders = tb && tb.holders != null ? tb.holders : null;
         const dot = addressDotHtml(tokenId);
         const tokenLink = `https://etherscan.io/token/${escapeHtml(tokenId)}`;
-        const knownToken = TOKEN_BY_ADDRESS.get(tokenId.toLowerCase());
         const projectUrl = knownToken && knownToken.url ? knownToken.url : null;
         let infoHtml = `<div class="font-bold mb-2">Contract Address</div>`;
         infoHtml +=
@@ -348,6 +376,7 @@ function init(_ctx) {
             });
         }
         updateSendBalance();
+        resetSendValidation();
         showView("send");
     });
 

src/popup/views/approval.js

@@ -78,10 +78,12 @@ function decodeCalldata(data, toAddress) {
                     "0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
                 );
                 const isUnlimited = rawAmount === maxUint;
+                const amountRaw = isUnlimited
+                    ? "Unlimited"
+                    : formatTxValue(formatUnits(rawAmount, tokenDecimals));
                 const amountStr = isUnlimited
                     ? "Unlimited"
-                    : formatTxValue(formatUnits(rawAmount, tokenDecimals)) +
-                      (tokenSymbol ? " " + tokenSymbol : "");
+                    : amountRaw + (tokenSymbol ? " " + tokenSymbol : "");
 
                 return {
                     name: "Token Approval",
@@ -100,7 +102,11 @@ function decodeCalldata(data, toAddress) {
                             value: spender,
                             address: spender,
                         },
-                        { label: "Amount", value: amountStr },
+                        {
+                            label: "Amount",
+                            value: amountStr,
+                            rawValue: amountRaw,
+                        },
                     ],
                 };
             }
@@ -108,9 +114,11 @@ function decodeCalldata(data, toAddress) {
             if (parsed.name === "transfer") {
                 const to = parsed.args[0];
                 const rawAmount = parsed.args[1];
+                const amountRaw = formatTxValue(
+                    formatUnits(rawAmount, tokenDecimals),
+                );
                 const amountStr =
-                    formatTxValue(formatUnits(rawAmount, tokenDecimals)) +
-                    (tokenSymbol ? " " + tokenSymbol : "");
+                    amountRaw + (tokenSymbol ? " " + tokenSymbol : "");
 
                 return {
                     name: "Token Transfer",
@@ -125,7 +133,11 @@ function decodeCalldata(data, toAddress) {
                             isToken: true,
                         },
                         { label: "Recipient", value: to, address: to },
-                        { label: "Amount", value: amountStr },
+                        {
+                            label: "Amount",
+                            value: amountStr,
+                            rawValue: amountRaw,
+                        },
                     ],
                 };
             }
@@ -163,7 +175,7 @@ function showTxApproval(details) {
                 pendingTxDetails.to = d.address;
             }
             if (d.label === "Amount") {
-                pendingTxDetails.amount = d.value;
+                pendingTxDetails.amount = d.rawValue || d.value;
             }
         }
         if (token) {
@@ -172,6 +184,15 @@ function showTxApproval(details) {
         }
     }
 
+    // Carry decoded calldata info through to success/error views
+    if (decoded) {
+        pendingTxDetails.decoded = {
+            name: decoded.name,
+            description: decoded.description,
+            details: decoded.details,
+        };
+    }
+
     $("approve-tx-hostname").textContent = details.hostname;
     $("approve-tx-from").innerHTML = approvalAddressHtml(state.activeAddress);
 

src/popup/views/confirmTx.js

@@ -14,6 +14,7 @@ const {
     showError,
     hideError,
     showView,
+    showFlash,
     addressTitle,
     addressDotHtml,
     escapeHtml,
@@ -95,11 +96,22 @@ function show(txInfo) {
     // Token contract section (ERC-20 only)
     const tokenSection = $("confirm-token-section");
     if (isErc20) {
+        const dot = addressDotHtml(txInfo.token);
         const link = etherscanTokenLink(txInfo.token);
         $("confirm-token-contract").innerHTML =
-            escapeHtml(txInfo.token) +
-            ` <a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
+            `<div class="flex items-center">${dot}` +
+            `<span class="break-all underline decoration-dashed cursor-pointer" data-copy="${escapeHtml(txInfo.token)}">${escapeHtml(txInfo.token)}</span>` +
+            `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>` +
+            `</div>`;
         tokenSection.classList.remove("hidden");
+        // Attach click-to-copy on the contract address
+        const copyEl = tokenSection.querySelector("[data-copy]");
+        if (copyEl) {
+            copyEl.onclick = () => {
+                navigator.clipboard.writeText(copyEl.dataset.copy);
+                showFlash("Copied!");
+            };
+        }
     } else {
         tokenSection.classList.add("hidden");
     }

src/popup/views/helpers.js

@@ -13,7 +13,6 @@ const { state, saveState } = require("../../shared/state");
 const VIEWS = [
     "welcome",
     "add-wallet",
-    "import-key",
     "main",
     "address",
     "address-token",
@@ -31,6 +30,7 @@ const VIEWS = [
     "approve-site",
     "approve-tx",
     "approve-sign",
+    "export-privkey",
 ];
 
 function $(id) {

src/popup/views/home.js

@@ -11,7 +11,11 @@ const {
     truncateMiddle,
 } = require("./helpers");
 const { state, saveState, currentAddress } = require("../../shared/state");
-const { updateSendBalance, renderSendTokenSelect } = require("./send");
+const {
+    updateSendBalance,
+    renderSendTokenSelect,
+    resetSendValidation,
+} = require("./send");
 const { deriveAddressFromXpub } = require("../../shared/wallet");
 const {
     formatUsd,
@@ -103,8 +107,13 @@ function renderHomeTxList(ctx) {
     let html = "";
     let i = 0;
     for (const tx of homeTxs) {
+        // For swap transactions, show the user's own labelled wallet
+        // address (the one that initiated the swap) instead of the
+        // contract address which is not useful in the list view.
         const counterparty =
-            tx.direction === "sent" || tx.direction === "contract"
+            tx.direction === "contract" && tx.directionLabel === "Swap"
+                ? tx.from
+                : tx.direction === "sent" || tx.direction === "contract"
                   ? tx.to
                   : tx.from;
         const dirLabel = tx.directionLabel;
@@ -230,7 +239,7 @@ function render(ctx) {
         html += `<div>`;
         html += `<div class="flex justify-between items-center bg-section py-1 px-2" style="margin:0 -0.5rem">`;
         html += `<span class="font-bold cursor-pointer wallet-name underline decoration-dashed" data-wallet="${wi}">${wallet.name}</span>`;
-        if (wallet.type === "hd") {
+        if (wallet.type === "hd" || wallet.type === "xprv") {
             html += `<button class="btn-add-address border border-border px-1 hover:bg-fg hover:text-bg cursor-pointer text-xs" data-wallet="${wi}" title="Add another address to this wallet">+</button>`;
         }
         html += `</div>`;
@@ -383,6 +392,7 @@ function init(ctx) {
         $("send-token-static").classList.add("hidden");
         renderSendTokenSelect(addr);
         updateSendBalance();
+        resetSendValidation();
         showView("send");
     });
 

src/popup/views/importKey.js

@@ -1,69 +0,0 @@
-const { $, showView, showFlash } = require("./helpers");
-const { addressFromPrivateKey } = require("../../shared/wallet");
-const { encryptWithPassword } = require("../../shared/vault");
-const { state, saveState } = require("../../shared/state");
-
-function show() {
-    $("import-private-key").value = "";
-    $("import-key-password").value = "";
-    $("import-key-password-confirm").value = "";
-    showView("import-key");
-}
-
-function init(ctx) {
-    $("btn-import-key-confirm").addEventListener("click", async () => {
-        const key = $("import-private-key").value.trim();
-        if (!key) {
-            showFlash("Please enter your private key.");
-            return;
-        }
-        let addr;
-        try {
-            addr = addressFromPrivateKey(key);
-        } catch (e) {
-            showFlash("Invalid private key.");
-            return;
-        }
-        const pw = $("import-key-password").value;
-        const pw2 = $("import-key-password-confirm").value;
-        if (!pw) {
-            showFlash("Please choose a password.");
-            return;
-        }
-        if (pw.length < 12) {
-            showFlash("Password must be at least 12 characters.");
-            return;
-        }
-        if (pw !== pw2) {
-            showFlash("Passwords do not match.");
-            return;
-        }
-        const encrypted = await encryptWithPassword(key, pw);
-        const walletNum = state.wallets.length + 1;
-        state.wallets.push({
-            type: "key",
-            name: "Wallet " + walletNum,
-            encryptedSecret: encrypted,
-            addresses: [
-                { address: addr, balance: "0.0000", tokenBalances: [] },
-            ],
-        });
-        state.hasWallet = true;
-        await saveState();
-        ctx.renderWalletList();
-        showView("main");
-
-        ctx.doRefreshAndRender();
-    });
-
-    $("btn-import-key-back").addEventListener("click", () => {
-        if (!state.hasWallet) {
-            showView("welcome");
-        } else {
-            ctx.renderWalletList();
-            showView("main");
-        }
-    });
-}
-
-module.exports = { init, show };

src/popup/views/receive.js

@@ -1,4 +1,10 @@
-const { $, showView, showFlash, addressDotHtml } = require("./helpers");
+const {
+    $,
+    showView,
+    showFlash,
+    formatAddressHtml,
+    addressTitle,
+} = require("./helpers");
 const { state, currentAddress } = require("../../shared/state");
 const QRCode = require("qrcode");
 
@@ -12,8 +18,12 @@ const EXT_ICON =
 function show() {
     const addr = currentAddress();
     const address = addr ? addr.address : "";
-    $("receive-dot").innerHTML = address ? addressDotHtml(address) : "";
-    $("receive-address").textContent = address;
+    const title = address ? addressTitle(address, state.wallets) : null;
+    const ensName = addr ? addr.ensName || null : null;
+    $("receive-address-block").innerHTML = address
+        ? formatAddressHtml(address, ensName, null, title)
+        : "";
+    $("receive-address-block").dataset.full = address;
     const link = address ? `https://etherscan.io/address/${address}` : "";
     $("receive-etherscan-link").innerHTML = link
         ? `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`
@@ -50,8 +60,16 @@ function show() {
 }
 
 function init(ctx) {
+    $("receive-address-block").addEventListener("click", () => {
+        const addr = $("receive-address-block").dataset.full;
+        if (addr) {
+            navigator.clipboard.writeText(addr);
+            showFlash("Copied!");
+        }
+    });
+
     $("btn-receive-copy").addEventListener("click", () => {
-        const addr = $("receive-address").textContent;
+        const addr = $("receive-address-block").dataset.full;
         if (addr) {
             navigator.clipboard.writeText(addr);
             showFlash("Copied!");

src/popup/views/send.js

@@ -10,7 +10,108 @@ const {
 const { state, currentAddress } = require("../../shared/state");
 let ctx;
 const { getProvider } = require("../../shared/balances");
-const { KNOWN_SYMBOLS } = require("../../shared/tokenList");
+const { KNOWN_SYMBOLS, resolveSymbol } = require("../../shared/tokenList");
+const { getAddress } = require("ethers");
+
+const ZERO_ADDRESS = "0x0000000000000000000000000000000000000000";
+
+/**
+ * Validate a destination address string.
+ * Returns { valid: true } or { valid: false, error: "..." }.
+ */
+function validateToAddress(value) {
+    const v = value.trim();
+    if (!v) return { valid: false, error: "" };
+
+    // ENS names: contains a dot and doesn't start with 0x
+    if (v.includes(".") && !v.startsWith("0x")) {
+        // Basic ENS format check: at least one label before and after dot
+        if (/^[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)+$/.test(v)) {
+            return { valid: true };
+        }
+        return {
+            valid: false,
+            error: "Please enter a valid ENS name.",
+        };
+    }
+
+    // Must look like an Ethereum address
+    if (!/^0x[0-9a-fA-F]{40}$/.test(v)) {
+        return {
+            valid: false,
+            error: "Please enter a valid Ethereum address.",
+        };
+    }
+
+    // Reject zero address
+    if (v.toLowerCase() === ZERO_ADDRESS) {
+        return {
+            valid: false,
+            error: "Sending to the zero address is not allowed.",
+        };
+    }
+
+    // EIP-55 checksum validation: all-lowercase is ok, otherwise must match checksum
+    if (v !== v.toLowerCase()) {
+        try {
+            const checksummed = getAddress(v);
+            if (checksummed !== v) {
+                return {
+                    valid: false,
+                    error: "Address checksum is invalid. Please double-check the address.",
+                };
+            }
+        } catch {
+            return {
+                valid: false,
+                error: "Address checksum is invalid. Please double-check the address.",
+            };
+        }
+    }
+
+    // Warn if sending to own address
+    const addr = currentAddress();
+    if (addr && v.toLowerCase() === addr.address.toLowerCase()) {
+        // Allow but will warn — we return valid with a warning
+        return {
+            valid: true,
+            warning: "This is your own address. Are you sure?",
+        };
+    }
+
+    return { valid: true };
+}
+
+function updateToValidation() {
+    const input = $("send-to");
+    const errorEl = $("send-to-error");
+    const btn = $("btn-send-review");
+    const value = input.value.trim();
+
+    if (!value) {
+        errorEl.textContent = "";
+        btn.disabled = true;
+        btn.classList.add("opacity-50");
+        return;
+    }
+
+    const result = validateToAddress(value);
+    if (!result.valid) {
+        errorEl.textContent = result.error;
+        errorEl.style.color = "#cc0000";
+        btn.disabled = true;
+        btn.classList.add("opacity-50");
+    } else if (result.warning) {
+        errorEl.textContent = result.warning;
+        errorEl.style.color = "#b8860b";
+        btn.disabled = false;
+        btn.classList.remove("opacity-50");
+    } else {
+        errorEl.textContent = "";
+        btn.disabled = false;
+        btn.classList.remove("opacity-50");
+    }
+}
 
 const EXT_ICON =
     `<span style="display:inline-block;width:10px;height:10px;margin-left:4px;vertical-align:middle">` +
@@ -73,7 +174,11 @@ function updateSendBalance() {
         const tb = (addr.tokenBalances || []).find(
             (t) => t.address.toLowerCase() === token.toLowerCase(),
         );
-        const symbol = tb ? tb.symbol : "?";
+        const symbol = resolveSymbol(
+            token,
+            addr.tokenBalances,
+            state.trackedTokens,
+        );
         const bal = tb ? tb.balance || "0" : "0";
         $("send-balance").textContent =
             "Current balance: " + bal + " " + symbol;
@@ -84,6 +189,13 @@ function init(_ctx) {
     ctx = _ctx;
     $("send-token").addEventListener("change", updateSendBalance);
 
+    // Initial state: disable review button until address is entered
+    $("btn-send-review").disabled = true;
+    $("btn-send-review").classList.add("opacity-50");
+
+    // Validate address on input
+    $("send-to").addEventListener("input", updateToValidation);
+
     $("btn-send-review").addEventListener("click", async () => {
         const to = $("send-to").value.trim();
         const amount = $("send-amount").value.trim();
@@ -91,6 +203,15 @@ function init(_ctx) {
             showFlash("Please enter a recipient address.");
             return;
         }
+
+        // Re-validate before proceeding
+        const validation = validateToAddress(to);
+        if (!validation.valid) {
+            showFlash(
+                validation.error || "Please enter a valid Ethereum address.",
+            );
+            return;
+        }
         if (!amount || isNaN(parseFloat(amount)) || parseFloat(amount) <= 0) {
             showFlash("Please enter a valid amount.");
             return;
@@ -124,7 +245,11 @@ function init(_ctx) {
             const tb = (addr.tokenBalances || []).find(
                 (t) => t.address.toLowerCase() === token.toLowerCase(),
             );
-            tokenSymbol = tb ? tb.symbol : "?";
+            tokenSymbol = resolveSymbol(
+                token,
+                addr.tokenBalances,
+                state.trackedTokens,
+            );
             tokenBalance = tb ? tb.balance || "0" : "0";
         }
 
@@ -151,4 +276,19 @@ function init(_ctx) {
     });
 }
 
-module.exports = { init, updateSendBalance, renderSendTokenSelect };
+function resetSendValidation() {
+    const errorEl = $("send-to-error");
+    const btn = $("btn-send-review");
+    if (errorEl) errorEl.textContent = "";
+    if (btn) {
+        btn.disabled = true;
+        btn.classList.add("opacity-50");
+    }
+}
+
+module.exports = {
+    init,
+    updateSendBalance,
+    renderSendTokenSelect,
+    resetSendValidation,
+};

src/popup/views/transactionDetail.js

@@ -37,11 +37,19 @@ function blockieHtml(address) {
     return `<img src="${src}" width="48" height="48" style="image-rendering:pixelated;border-radius:50%;display:inline-block">`;
 }
 
+function etherscanLinkHtml(url) {
+    return (
+        `<a href="${url}" target="_blank" rel="noopener" ` +
+        `class="inline-flex items-center"` +
+        `>${EXT_ICON}</a>`
+    );
+}
+
 function txAddressHtml(address, ensName, title) {
     const blockie = blockieHtml(address);
     const dot = addressDotHtml(address);
     const link = `https://etherscan.io/address/${address}`;
-    const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
+    const extLink = etherscanLinkHtml(link);
     let html = `<div class="mb-1">${blockie}</div>`;
     if (title) {
         html += `<div class="font-bold">${escapeHtml(title)}</div>`;
@@ -50,10 +58,10 @@ function txAddressHtml(address, ensName, title) {
         html +=
             `<div class="flex items-center">${dot}` +
             copyableHtml(ensName, "") +
-            extLink +
             `</div>` +
-            `<div class="break-all">` +
+            `<div class="flex items-center">${dot}` +
             copyableHtml(address, "break-all") +
+            extLink +
             `</div>`;
     } else {
         html +=
@@ -67,7 +75,7 @@ function txAddressHtml(address, ensName, title) {
 
 function txHashHtml(hash) {
     const link = `https://etherscan.io/tx/${hash}`;
-    const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
+    const extLink = etherscanLinkHtml(link);
     return copyableHtml(hash, "break-all") + extLink;
 }
 
@@ -93,9 +101,6 @@ function show(tx) {
         },
     };
     render();
-    if (tx.isContractCall || tx.direction === "contract") {
-        loadCalldata(tx.hash, tx.to);
-    }
 }
 
 function render() {
@@ -138,15 +143,20 @@ function render() {
             typeEl.textContent = tx.directionLabel;
             typeSection.classList.remove("hidden");
         }
-        if (headingEl) headingEl.textContent = tx.directionLabel;
     } else {
         if (typeSection) typeSection.classList.add("hidden");
-        if (headingEl) headingEl.textContent = "Transaction";
     }
+    if (headingEl) headingEl.textContent = "Transaction";
 
-    // Hide calldata section by default; loadCalldata will show it if needed
+    // Hide calldata and raw data sections; re-fetch if this is a contract call
     const calldataSection = $("tx-detail-calldata-section");
     if (calldataSection) calldataSection.classList.add("hidden");
+    const rawDataSection = $("tx-detail-rawdata-section");
+    if (rawDataSection) rawDataSection.classList.add("hidden");
+
+    if (tx.isContractCall || tx.direction === "contract") {
+        loadCalldata(tx.hash, tx.to);
+    }
 
     $("tx-detail-time").textContent =
         isoDate(tx.timestamp) + " (" + timeAgo(tx.timestamp) + ")";
@@ -193,9 +203,20 @@ async function loadCalldata(txHash, toAddress) {
             for (const d of decoded.details || []) {
                 detailsHtml += `<div class="mb-2">`;
                 detailsHtml += `<div class="text-muted">${escapeHtml(d.label)}</div>`;
-                if (d.address) {
+                if (d.address && d.isToken) {
+                    // Token entry: show symbol on its own line, then dot + address + Etherscan link
                     const dot = addressDotHtml(d.address);
-                    detailsHtml += `<div>${dot}${copyableHtml(d.value, "break-all")}</div>`;
+                    const tokenSymbol = d.value.match(/^(\S+)\s*\(/)?.[1];
+                    if (tokenSymbol) {
+                        detailsHtml += `<div class="font-bold">${escapeHtml(tokenSymbol)}</div>`;
+                    }
+                    const etherscanUrl = `https://etherscan.io/token/${d.address}`;
+                    detailsHtml += `<div class="flex items-center">${dot}${copyableHtml(d.address, "break-all")}${etherscanLinkHtml(etherscanUrl)}</div>`;
+                } else if (d.address) {
+                    // Protocol/contract entry: show name + Etherscan link
+                    const dot = addressDotHtml(d.address);
+                    const etherscanUrl = `https://etherscan.io/address/${d.address}`;
+                    detailsHtml += `<div class="flex items-center">${dot}${copyableHtml(d.value, "break-all")}${etherscanLinkHtml(etherscanUrl)}</div>`;
                 } else {
                     detailsHtml += `<div class="font-bold">${escapeHtml(d.value)}</div>`;
                 }
@@ -219,13 +240,16 @@ async function loadCalldata(txHash, toAddress) {
 
         section.classList.remove("hidden");
 
-        // Bind copy handlers for new elements
-        section.querySelectorAll("[data-copy]").forEach((el) => {
+        // Bind copy handlers for new elements (including raw data now outside section)
+        const copyTargets = [section, rawSection].filter(Boolean);
+        for (const container of copyTargets) {
+            container.querySelectorAll("[data-copy]").forEach((el) => {
                 el.onclick = () => {
                     navigator.clipboard.writeText(el.dataset.copy);
                     showFlash("Copied!");
                 };
             });
+        }
     } catch (e) {
         log.errorf("loadCalldata failed:", e.message);
     }

src/popup/views/txStatus.js

@@ -8,6 +8,7 @@ const {
     addressTitle,
     escapeHtml,
 } = require("./helpers");
+const { TOKEN_BY_ADDRESS } = require("../../shared/tokenList");
 const { state, saveState } = require("../../shared/state");
 const { getProvider } = require("../../shared/balances");
 const { log } = require("../../shared/log");
@@ -121,11 +122,51 @@ function showSuccess(txInfo, txHash, blockNumber) {
         to: txInfo.to,
         hash: txHash,
         blockNumber: blockNumber,
+        decoded: txInfo.decoded || null,
     };
     renderSuccess();
     ctx.doRefreshAndRender();
 }
 
+function tokenLabel(address) {
+    const t = TOKEN_BY_ADDRESS.get(address.toLowerCase());
+    return t ? t.symbol : null;
+}
+
+function etherscanTokenLink(address) {
+    return `https://etherscan.io/token/${address}`;
+}
+
+function decodedDetailsHtml(decoded) {
+    if (!decoded || !decoded.details) return "";
+    let html = "";
+    if (decoded.name) {
+        html += `<div class="mb-2"><div class="text-xs text-muted mb-1">Action</div>`;
+        html += `<div class="font-bold">${escapeHtml(decoded.name)}</div></div>`;
+    }
+    if (decoded.description) {
+        html += `<div class="mb-2"><div class="text-xs text-muted mb-1">Description</div>`;
+        html += `<div>${escapeHtml(decoded.description)}</div></div>`;
+    }
+    for (const d of decoded.details) {
+        html += `<div class="mb-2">`;
+        html += `<div class="text-xs text-muted mb-1">${escapeHtml(d.label)}</div>`;
+        if (d.address) {
+            if (d.isToken) {
+                const sym = tokenLabel(d.address) || "Unknown token";
+                html += `<div class="font-bold">${escapeHtml(sym)}</div>`;
+                html += toAddressHtml(d.address);
+            } else {
+                html += toAddressHtml(d.address);
+            }
+        } else {
+            html += `<div class="font-bold">${escapeHtml(d.value)}</div>`;
+        }
+        html += `</div>`;
+    }
+    return html;
+}
+
 function renderSuccess() {
     const d = state.viewData;
     if (!d || !d.hash) return;
@@ -133,6 +174,16 @@ function renderSuccess() {
     $("success-tx-to").innerHTML = toAddressHtml(d.to);
     $("success-tx-block").textContent = String(d.blockNumber);
     $("success-tx-hash").innerHTML = txHashHtml(d.hash);
+
+    // Show decoded calldata details if present
+    const decodedEl = $("success-tx-decoded");
+    if (decodedEl && d.decoded) {
+        decodedEl.innerHTML = decodedDetailsHtml(d.decoded);
+        decodedEl.classList.remove("hidden");
+    } else if (decodedEl) {
+        decodedEl.classList.add("hidden");
+    }
+
     attachCopyHandlers("view-success-tx");
     showView("success-tx");
 }

src/shared/balances.js

@@ -85,6 +85,7 @@ async function fetchTokenBalances(address, blockscoutUrl, trackedTokens) {
 
             balances.push({
                 address: item.token.address_hash,
+                name: item.token.name || "",
                 symbol: item.token.symbol || "???",
                 decimals: decimals,
                 balance: bal,

src/shared/tokenList.js

@@ -3645,10 +3645,27 @@ async function getTopTokenPrices(n) {
     return prices;
 }
 
+// Resolve a token symbol from multiple sources, never returning "?".
+function resolveSymbol(tokenAddress, tokenBalances, trackedTokens) {
+    const lower = (tokenAddress || "").toLowerCase();
+    const tb = (tokenBalances || []).find(
+        (t) => t.address.toLowerCase() === lower,
+    );
+    if (tb && tb.symbol) return tb.symbol;
+    const known = TOKEN_BY_ADDRESS.get(lower);
+    if (known && known.symbol) return known.symbol;
+    const tracked = (trackedTokens || []).find(
+        (t) => t.address.toLowerCase() === lower,
+    );
+    if (tracked && tracked.symbol) return tracked.symbol;
+    return lower.slice(0, 10) + "\u2026";
+}
+
 module.exports = {
     TOKENS,
     TOKEN_BY_ADDRESS,
     KNOWN_SYMBOLS,
     getTopTokens,
     getTopTokenPrices,
+    resolveSymbol,
 };

src/shared/transactions.js

@@ -153,9 +153,11 @@ async function fetchRecentTransactions(address, blockscoutUrl, count = 25) {
 
     // When a token transfer shares a hash with a normal tx, the normal tx
     // is the contract call (0 ETH) and the token transfer has the real
-    // amount and symbol. Replace the normal tx with the token transfer,
-    // but preserve contract call metadata (direction, label, method) so
-    // swaps and other contract interactions display correctly.
+    // amount and symbol.  A single transaction (e.g. a swap) can produce
+    // multiple token transfers (one per token involved), so we key token
+    // transfers by hash + contract address to keep all of them.  We also
+    // preserve contract-call metadata (direction, label, method) from the
+    // matching normal tx so swaps display correctly.
     for (const tt of ttJson.items || []) {
         const parsed = parseTokenTransfer(tt, addrLower);
         const existing = txsByHash.get(parsed.hash);
@@ -164,8 +166,13 @@ async function fetchRecentTransactions(address, blockscoutUrl, count = 25) {
             parsed.directionLabel = existing.directionLabel;
             parsed.isContractCall = true;
             parsed.method = existing.method;
+            // Remove the bare-hash normal tx so it doesn't appear as a
+            // duplicate with empty value; token transfers replace it.
+            txsByHash.delete(parsed.hash);
         }
-        txsByHash.set(parsed.hash, parsed);
+        // Use composite key so multiple token transfers per tx are kept.
+        const ttKey = parsed.hash + ":" + (parsed.contractAddress || "");
+        txsByHash.set(ttKey, parsed);
     }
 
     const txs = [...txsByHash.values()];

src/shared/uniswap.js

@@ -161,6 +161,157 @@ function decodeWrapEth(input) {
     }
 }
 
+// V4 inner action IDs
+const V4_SWAP_EXACT_IN_SINGLE = 0x06;
+const V4_SWAP_EXACT_IN = 0x07;
+const V4_SWAP_EXACT_OUT_SINGLE = 0x08;
+const V4_SWAP_EXACT_OUT = 0x09;
+const V4_SETTLE = 0x0b;
+const V4_TAKE = 0x0e;
+
+// Decode V4_SWAP (command 0x10) input bytes.
+// The input is ABI-encoded as (bytes actions, bytes[] params).
+// We extract token addresses from SETTLE (input) and TAKE (output) sub-actions,
+// and swap amounts from the swap sub-actions.
+function decodeV4Swap(input) {
+    try {
+        const d = coder.decode(["bytes", "bytes[]"], input);
+        const actions = getBytes(d[0]);
+        const params = d[1];
+
+        let settleToken = null;
+        let takeToken = null;
+        let amountIn = null;
+        let amountOutMin = null;
+
+        for (let i = 0; i < actions.length; i++) {
+            const actionId = actions[i];
+            try {
+                if (actionId === V4_SETTLE) {
+                    // SETTLE: (address currency, uint256 maxAmount, bool payerIsUser)
+                    const s = coder.decode(
+                        ["address", "uint256", "bool"],
+                        params[i],
+                    );
+                    settleToken = s[0];
+                } else if (actionId === V4_TAKE) {
+                    // TAKE: (address currency, address recipient, uint256 amount)
+                    const t = coder.decode(
+                        ["address", "address", "uint256"],
+                        params[i],
+                    );
+                    takeToken = t[0];
+                } else if (
+                    actionId === V4_SWAP_EXACT_IN ||
+                    actionId === V4_SWAP_EXACT_IN_SINGLE
+                ) {
+                    // Extract amounts from exact-in swap actions
+                    if (actionId === V4_SWAP_EXACT_IN) {
+                        // ExactInputParams: (address currencyIn,
+                        //   tuple(address,uint24,int24,address,bytes)[] path,
+                        //   uint128 amountIn, uint128 amountOutMin)
+                        try {
+                            const s = coder.decode(
+                                [
+                                    "tuple(address,tuple(address,uint24,int24,address,bytes)[],uint128,uint128)",
+                                ],
+                                params[i],
+                            );
+                            if (!settleToken) settleToken = s[0][0];
+                            const path = s[0][1];
+                            if (path.length > 0 && !takeToken) {
+                                takeToken = path[path.length - 1][0];
+                            }
+                            if (!amountIn) amountIn = s[0][2];
+                            if (!amountOutMin) amountOutMin = s[0][3];
+                        } catch {
+                            // Fall through — SETTLE/TAKE will provide tokens
+                        }
+                    } else {
+                        // ExactInputSingleParams: (tuple(address,address,uint24,int24,address) poolKey,
+                        //   bool zeroForOne, uint128 amountIn, uint128 amountOutMin, bytes hookData)
+                        try {
+                            const s = coder.decode(
+                                [
+                                    "tuple(tuple(address,address,uint24,int24,address),bool,uint128,uint128,bytes)",
+                                ],
+                                params[i],
+                            );
+                            const poolKey = s[0][0];
+                            const zeroForOne = s[0][1];
+                            if (!settleToken)
+                                settleToken = zeroForOne
+                                    ? poolKey[0]
+                                    : poolKey[1];
+                            if (!takeToken)
+                                takeToken = zeroForOne
+                                    ? poolKey[1]
+                                    : poolKey[0];
+                            if (!amountIn) amountIn = s[0][2];
+                            if (!amountOutMin) amountOutMin = s[0][3];
+                        } catch {
+                            // Fall through
+                        }
+                    }
+                } else if (
+                    actionId === V4_SWAP_EXACT_OUT ||
+                    actionId === V4_SWAP_EXACT_OUT_SINGLE
+                ) {
+                    if (actionId === V4_SWAP_EXACT_OUT) {
+                        try {
+                            const s = coder.decode(
+                                [
+                                    "tuple(address,tuple(address,uint24,int24,address,bytes)[],uint128,uint128)",
+                                ],
+                                params[i],
+                            );
+                            if (!takeToken) takeToken = s[0][0];
+                            const path = s[0][1];
+                            if (path.length > 0 && !settleToken) {
+                                settleToken = path[path.length - 1][0];
+                            }
+                        } catch {
+                            // Fall through
+                        }
+                    } else {
+                        try {
+                            const s = coder.decode(
+                                [
+                                    "tuple(tuple(address,address,uint24,int24,address),bool,uint128,uint128,bytes)",
+                                ],
+                                params[i],
+                            );
+                            const poolKey = s[0][0];
+                            const zeroForOne = s[0][1];
+                            if (!settleToken)
+                                settleToken = zeroForOne
+                                    ? poolKey[0]
+                                    : poolKey[1];
+                            if (!takeToken)
+                                takeToken = zeroForOne
+                                    ? poolKey[1]
+                                    : poolKey[0];
+                        } catch {
+                            // Fall through
+                        }
+                    }
+                }
+            } catch {
+                // Skip sub-actions we can't decode
+            }
+        }
+
+        return {
+            tokenIn: settleToken,
+            tokenOut: takeToken,
+            amountIn,
+            amountOutMin,
+        };
+    } catch {
+        return null;
+    }
+}
+
 // Try to decode a Universal Router execute() call.
 // Returns { name, description, details } matching the format used by
 // the approval UI, or null if the calldata is not a recognised execute().
@@ -233,6 +384,19 @@ function decode(data, toAddress) {
                     }
                 }
 
+                if (cmdId === 0x10) {
+                    const v4 = decodeV4Swap(inputs[i]);
+                    if (v4) {
+                        if (!inputToken && v4.tokenIn) inputToken = v4.tokenIn;
+                        if (!outputToken && v4.tokenOut)
+                            outputToken = v4.tokenOut;
+                        if (!inputAmount && v4.amountIn)
+                            inputAmount = v4.amountIn;
+                        if (!minOutput && v4.amountOutMin)
+                            minOutput = v4.amountOutMin;
+                    }
+                }
+
                 if (cmdId === 0x0c) {
                     hasUnwrapWeth = true;
                 }

src/shared/wallet.js

@@ -24,6 +24,26 @@ function hdWalletFromMnemonic(mnemonic) {
     return { xpub, firstAddress };
 }
 
+function hdWalletFromXprv(xprv) {
+    const root = HDNodeWallet.fromExtendedKey(xprv);
+    if (!root.privateKey) {
+        throw new Error("Not an extended private key (xprv).");
+    }
+    const node = root.derivePath("44'/60'/0'/0");
+    const xpub = node.neuter().extendedKey;
+    const firstAddress = node.deriveChild(0).address;
+    return { xpub, firstAddress };
+}
+
+function isValidXprv(key) {
+    try {
+        const node = HDNodeWallet.fromExtendedKey(key);
+        return !!node.privateKey;
+    } catch {
+        return false;
+    }
+}
+
 function addressFromPrivateKey(key) {
     const w = new Wallet(key);
     return w.address;
@@ -38,6 +58,11 @@ function getSignerForAddress(walletData, addrIndex, decryptedSecret) {
         );
         return node.deriveChild(addrIndex);
     }
+    if (walletData.type === "xprv") {
+        const root = HDNodeWallet.fromExtendedKey(decryptedSecret);
+        const node = root.derivePath("44'/60'/0'/0");
+        return node.deriveChild(addrIndex);
+    }
     return new Wallet(decryptedSecret);
 }
 
@@ -49,6 +74,8 @@ module.exports = {
     generateMnemonic,
     deriveAddressFromXpub,
     hdWalletFromMnemonic,
+    hdWalletFromXprv,
+    isValidXprv,
     addressFromPrivateKey,
     getSignerForAddress,
     isValidMnemonic,

tests/uniswap.test.js

@@ -1,9 +1,10 @@
-const { AbiCoder, Interface, solidityPacked } = require("ethers");
+const { AbiCoder, Interface, solidityPacked, getBytes } = require("ethers");
 const uniswap = require("../src/shared/uniswap");
 
 const ROUTER_ADDR = "0x66a9893cc07d91d95644aedd05d03f95e1dba8af";
 const USDT_ADDR = "0xdAC17F958D2ee523a2206206994597C13D831ec7";
 const WETH_ADDR = "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2";
+const USDC_ADDR = "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48";
 const USER_ADDR = "0x66133E8ea0f5D1d612D2502a968757D1048c214a";
 
 // AutistMask's first-ever swap, 2026-02-27.
@@ -256,6 +257,87 @@ describe("uniswap decoder", () => {
         expect(amount.value).toBe("5.0000 USDT");
     });
 
+    // This test validates the decodeV4Swap() fix: a V4 ERC20→ERC20 swap
+    // (USDT→USDC) where the token addresses are ONLY discoverable inside
+    // the V4_SWAP sub-actions (SETTLE/TAKE). Before decodeV4Swap() was added,
+    // command 0x10 was opaque and this would decode as "Uniswap Swap" with
+    // no token info (or "ETH → ETH"). Now it correctly shows "USDT → USDC".
+    test("decodes V4_SWAP ERC20→ERC20 tokens via SETTLE/TAKE (regression: #59)", () => {
+        // Build a V4_SWAP input with SETTLE(USDT) + SWAP_EXACT_IN_SINGLE + TAKE(USDC)
+        const V4_SETTLE = 0x0b;
+        const V4_SWAP_EXACT_IN_SINGLE = 0x06;
+        const V4_TAKE = 0x0e;
+
+        // actions: SETTLE, SWAP_EXACT_IN_SINGLE, TAKE
+        const actions = new Uint8Array([
+            V4_SETTLE,
+            V4_SWAP_EXACT_IN_SINGLE,
+            V4_TAKE,
+        ]);
+
+        // SETTLE params: (address currency, uint256 maxAmount, bool payerIsUser)
+        const settleParam = coder.encode(
+            ["address", "uint256", "bool"],
+            [USDT_ADDR, 5000000n, true],
+        );
+
+        // SWAP_EXACT_IN_SINGLE params:
+        // (tuple(address,address,uint24,int24,address) poolKey, bool zeroForOne, uint128 amountIn, uint128 amountOutMin, bytes hookData)
+        const swapParam = coder.encode(
+            [
+                "tuple(tuple(address,address,uint24,int24,address),bool,uint128,uint128,bytes)",
+            ],
+            [
+                [
+                    [
+                        USDT_ADDR,
+                        USDC_ADDR,
+                        100, // fee
+                        1, // tickSpacing
+                        "0x0000000000000000000000000000000000000000", // hooks
+                    ],
+                    true, // zeroForOne
+                    5000000n, // amountIn (5 USDT)
+                    4900000n, // amountOutMin (4.9 USDC)
+                    "0x", // hookData
+                ],
+            ],
+        );
+
+        // TAKE params: (address currency, address recipient, uint256 amount)
+        const takeParam = coder.encode(
+            ["address", "address", "uint256"],
+            [USDC_ADDR, USER_ADDR, 0n],
+        );
+
+        // Encode the V4_SWAP input: (bytes actions, bytes[] params)
+        const v4Input = coder.encode(
+            ["bytes", "bytes[]"],
+            [actions, [settleParam, swapParam, takeParam]],
+        );
+
+        // Build execute() with PERMIT2_PERMIT (0x0a) + V4_SWAP (0x10)
+        // The permit provides the input token, but V4_SWAP must provide
+        // the OUTPUT token — without decodeV4Swap, output would be unknown.
+        const data = buildExecute(
+            solidityPacked(["uint8", "uint8"], [0x0a, 0x10]),
+            [encodePermit2(USDT_ADDR, 5000000n, ROUTER_ADDR), v4Input],
+            9999999999n,
+        );
+
+        const result = uniswap.decode(data, ROUTER_ADDR);
+        expect(result).not.toBeNull();
+        // Before decodeV4Swap fix: name would be "Swap USDT → ETH" or "Uniswap Swap"
+        // After fix: correctly identifies both tokens from V4 sub-actions
+        expect(result.name).toBe("Swap USDT \u2192 USDC");
+
+        const tokenIn = result.details.find((d) => d.label === "Token In");
+        expect(tokenIn.value).toContain("USDT");
+
+        const steps = result.details.find((d) => d.label === "Steps");
+        expect(steps.value).toContain("V4 Swap");
+    });
+
     test("handles unknown tokens gracefully", () => {
         const fakeToken = "0x1111111111111111111111111111111111111111";
         const data = buildExecute(